Posted
by
samzenpus
on Monday June 25, 2012 @11:28AM
from the you've-got-war-mail dept.

puddingebola writes in with a link to a New York Times article about how the militarization of the internet is changing contemporary warfare. "The decision by the United States and Israel to develop and then deploy the Stuxnet computer worm against an Iranian nuclear facility late in George W. Bush's presidency marked a significant and dangerous turning point in the gradual militarization of the Internet. Washington has begun to cross the Rubicon. If it continues, contemporary warfare will change fundamentally as we move into hazardous and uncharted territory. It is one thing to write viruses and lock them away safely for future use should circumstances dictate it. It is quite another to deploy them in peacetime. Stuxnet has effectively fired the starting gun in a new arms race that is very likely to lead to the spread of similar and still more powerful offensive cyber-weaponry across the Internet. Unlike nuclear or chemical weapons, however, countries are developing cyber-weapons outside any regulatory framework."

Y'know, once the world calms down to pre-1950 levels of crazy I'm sure the President will give up his emergency-granted powers...

Just remember if we get to Threat-Level Puce to set your radio dial to your CONLRAD station, paint yourself white, remove your distributor cap and lie down away from windows or doors, surely this aggression will not stand...

Actually, according to the Constitution, the US has fought no wars since 1945. We stopped declaring war at about the same time as we renamed our War Department the Department of Defense (after which we continued to attack foreign nations just like we've been doing throughout history).

Could we stop such stupid wording? There's no war here. Nobody has died or is dying because of what they are pretending are weapons, which are in fact just a bunch of bits. This is becoming very silly, and I don't buy into this propaganda.

And by the way, instead of falsely using an important word such as "war", we'd better highlight and focus on how much Microsoft is the responsible here. Responsible in both having stupid security holes (come on... executing code in a.lnk!!!) and not doing security house

So if the virus made the centrifuges explode and people died would you change your mind?

when few blocks from the same place guys are speeding on motorcycles and attaching bombs to cars.. who the fuck cares about doing the equivalent of pissing in the centrifuges.

the whole reporting on the issue is out of hand. it makes me worried that some politicians are going to pay even more silly money for silly sw - and the only guys telling that it works and reporting what it did are the same fucking guys who get paid for doing it.

The United States constantly declares war. There's been the "War on Drugs", the "War on Terror" - not to mention the wars against Iraq and Afghanistan and undeclared wars in places like Somalia and Yemen - where military actions (or drone-bourne assasinations) take place regularly.

The thing is, wars are wonderful devices for a democratically elected government. They allow a "wartime" footing to be established where a lot of peacetime protections, rights and restrictions can simply be tossed aside. War is as much a state of mind as a military action. If a country considers itself at war, a lot of the things that its citizens would be permitted to do become criminalised, or at least subject to official scrutiny.

This is exactly what's happened since 2001. The problem is that now we have governments all over the world - previously responsible, western governments that were considered "enlightened" are now viewing all their citizens as potential enemies, criminals or terrorists - and are treating them according to that suspicion.

If you think that cyberspace is too abstract a place to have a war, just look out for all the critical infrastructure that is accessible on the internet. Facilities that any government would be mad to let people walk into unchallenged can (I'm told) be hacked. Whether it's by a script-kiddie or a Stuxnet wielding super-power is immaterial. It's a state of conflict and peoples' rights are being squashed in order to counter it. That sure sounds like a war - even if the enemy is us.

How about cyber-industrial complex instead. Cyber warfare and defense is becoming the new way to milk the Federal government for contracts and money, from the same people who've brought you the defense-industrial complex for the last 70 years, so it shall continue, whether you like it or not.

It will also be the excuse for the licensing of access to the internet, for introduction broad restriction of use for 'national security reasons', for creating the new term 'internet terrorists' and, for the creating of no internet access lists for national security reasons. It all starts now.

Apologies, there are so many sharks circling the money in the water its probably impossible to list them all. I didn't even get to the standard contractor leeches CSC, EDS, SRI, HP, IBM. I could go on all night, so much money to be had, so little time.

Agreed. If this is considered war, then is the US and Israel really at war with Iran now? Does Iran have a valid reason to strike back? Can Iran go to the UN and demand sanctions on the US and Israel for striking first and performing hostile activities on Iran?

> Could we stop such stupid wording? There's no war here. Nobody has died or is dying because of what they are pretending are weapons, which are in fact just a bunch of bits. This is becoming very silly, and I don't buy into this propaganda

Shhhhh! Stop calling out the emperor's new clothes. I have a computer security business and this level of groundless hype is good for business.

Anyway, your definition is stupid. If no one dies, it's not a war? There is so much grey area. What if people are maimed? Bleeding? What if country A bombs a warehouse and the only injuries are blindness, deafness, or bruised people? What if you destroy enough food to cause a famine? Nobody directly died. And does that make all assassinations

I grew up in the U.S. during the 80's. Yeah, we could board an airplane with our shoes on, but there was still a pretty good chance of getting nuked. I can't even imagine what it must have been like for people in the 60's. Go back just a little farther, and the threat of actual invasion was imminent.

Nobodies every answered what makes the US think it can win this type of war? The largest military in the worlds no use in this type pf war. More likely the wells the going to be poisoned and there will be military grade nasties affecting commercial systems for technological generations to com.e

Yes, but not for a nuclear command and control system as most people think. The ARPANET was to connect the geographically dispursed defense researchers and institutions to the small number of available research computers. The survivability in the design can be attributed to the poor reliability of the switching and circuits -- you didn't need a nuclear attack to take down the network, it handled that all on its own.

And it won't be for decades. These are top-notch spies we're talking about here, with the most powerful military in human history defending them. There's as much proof that the US was involved in Stuxnet as there is that the US was involved in the Venezuela coup: They had the means and the motivation, and left some evidence behind that sure looks suspicious, but no definitive proof.

Whether it was the Israelis, Americans, both, or including Canada/France/UK/Germany/AUS/NZ/JAPAN is a legitimate question. But this isn't a legal proceeding, and the precise culpability of any particular government or branch thereof isn't really relevant to the discussion at hand.

This hasnt been proven beyond reasonable doubt. Even though we all think US/Isreal are the curprits, all articles should start with an appropriate preface. This really needs to stop.

The allegation that the United States used a worm to secretly infect and then attack an Iranian nuclear facility is a very serious one... so if the U.S. really was innocent, wouldn't the government officially deny involvement? Instead, when asked about Stuxnet, administration officials say things such as "we're glad they are having trouble with their centrifuge machine and that we – the US and its allies – are doing everything we can to make sure that we complicate matters for them," which is w

marked a significant and dangerous turning point in the gradual militarization of the Internet.

And all these attacks coming out of Chinese universities are what, game playing?

Military takes on all mediums so it was inevitable efforts would evolve. WW III (should it come) will certainly involve a lot of concentrated attacks over the web, to bring it down, because it's far faster communication than simple radio or Television and goes around the world in milliseconds.

That was my first thought. The Chinese barely see any other practical use for the Internet.

I view it as conducting research for the state. They learned something about US preparedness, while firing a warning salvo across the bow. If they really did want to cause harm, they could have. Instead they showed a sample. This means there needs to be circuit breakers on the internet for certain countries. I'm not please about it, but it is inevitable -- just as some countries are walling off their own traffic from getting out or outside traffic getting in.

Also, what makes them think that regulations matter when you're talking about war? Look at the nuclear weapons treaties - North Korea, Pakistan, India, and Israel have all flaunted them by making nuclear weapons, and the US and Israel have flaunted them by attempting to prevent Iran from researching nuclear power for civilian purposes (which is allowed under non-proliferation treaties).

Technically, only Iran may possibly have violated the non-proliferation treaty. Pakistan, India, and Israel never signed on to it so were perfectly within their rights to develop nukes. North Korea formally withdrew before testing their nuke, though they probably did violate the treaty prior to that withdrawal.

Iran is probably violating it, since they are a signatory, have not withdrawn, and almost certainly are developing a nuclear weapon.

Yes, the oil-rich state desperately needs to develop an extremely expensive form of alternative energy. And they need to enrich their uranium far beyond the 5% used in a typical commercial reactor. I'm sure it is all quite peaceful.

Technically, only Iran may possibly have violated the non-proliferation treaty. Pakistan, India, and Israel never signed on to it so were perfectly within their rights to develop nukes. North Korea formally withdrew before testing their nuke, though they probably did violate the treaty prior to that withdrawal... Iran is probably violating it, since they are a signatory, have not withdrawn, and almost certainly are developing a nuclear weapon.

So it's somehow better to not sign the non-proliferation treaty and develop nukes than it is to sign and be accused of creating nukes. Technical indeed.

Next, one of the world's most technical nations purposely inserts a destructive virus into facilities working with one of the most dangerous radioactive substances. Thus ensuring, supposedly, a signatory doesn't develop alleged weapons while 3 countries continue developing actual nuclear weapons. Alleged (adj.): "Iraq was alleged to have WMDs."

Yes, because after you sign the NPT you get a bunch of assistance with peaceful nuclear energy technology under the assumption (hahaha) that you won't use that assistance to bootstrap your way to weapons (because you "promised not to")Whereas if you don't sign, you can develop all the nuclear weapons you want, but you don't get assistance.

"You don't get assistance" unless you're Israel, Pakistan, or India. In which case you don't sign but still get assistance from the US.

Technically, only Iran may possibly have violated the non-proliferation treaty. Pakistan, India, and Israel never signed on to it so were perfectly within their rights to develop nukes. North Korea formally withdrew before testing their nuke, though they probably did violate the treaty prior to that withdrawal.

Iran is probably violating it, since they are a signatory, have not withdrawn, and almost certainly are developing a nuclear weapon.

So what if they signed some stupid ass piece of paper? When does the USA go by shit they sign? Not sure? Ask the Native Americans how well treaties has worked for them.

Iran has all the rights in the world to make Nukes. And everyone knows it. We don't want them to have it, because we want only the few that have it to keep having it. Sort of like how the Music Industry wants to hold on to it's monopoly.

Keep in mind, the only country to have used nukes against anyone else is the USA, so if anyone

Another difference: when Enola Gay dropped the atomic bomb didn't had megaphones yelling everywhere how to build one atomic bomb yourself. Don't show how to make weapons when you are the most vulnerable player against them.

What complete and utter tripe! The Chinese, Russians and any number of other countries crossed the proverbial Rubicon many, many years ago. If the submitter is so naive as to think that this was the first example of state sponsored computer hacking against another state than the submitter needs to go to Defcon or any other security convention. Get real, get a clue.

Exactly. In addition, the internet is full of viruses and malware seeking to damage things. If you aren't securing your stuff, you're going to have trouble, and it won't matter much to you if it was a state sponsored actor or third-world thugs who just stole all the money from your bank account.

Cyber-security is seen as a major vulnerability, with the US Defence Department spending more than $100 million (£69 million) in the past six months repairing various types of damage caused by cyber attacks.

... idiots using a piss poor OS shot full of security holes called Windows for mission critical infrastructure end up having the computers running said piss poor OS compromised or screwed up by some software that works off an abysmal security failure of a feature called autorun.

Peacetime? The US has only been at "peace" for a handful of years in its history, the rest of the years it has been fighting people abroad such as Iraq, Afghanistan, Vietnam, etc. People within its own borders (Indian wars) or arming, training and supporting violence in other countries ("war on drugs"). By abolishing peacetime, the government is allowed to ransack our liberties, steal our income even more and stifle dissent. Keep in mind we are still under a state of emergency because of "terrorism" first enacted by Bush and then extended every year by Obama.

I was always under the impression that the reason the US is always at war was at least in part so that it always had military personnel who were experienced in combat and thus better prepared to defend the country. Purely peacetime armies that have no combat veterans are usually pretty ineffective when they meet folks who are experienced. In a way this makes sense, sadly for the rest of the world it means someone is always going to get their ass invaded and if there is no justification for it, one will be p

It is a grossly inaccurate to state "Stuxnet has effectively fired the starting gun in a new arms race...". On the contrary, Stuxnet only makes a large percentage of the population aware of an arms race that started long ago.

Considering nearly every protocol and major advancement on the internet has been through DARPA [wikipedia.org] the world will probably be fine. But making unfounded ridiculousness claims is a great way to hype up a book you are going to sell in stores.

I never understood 'rules' of war. If someone runs from (the symbolic) me into a church, I say nuke the church. If my bullets can mutilate instead of kill, and in the end bring victory, then I shoot mutilating bullets. If my biological weapon can be easily deployed into your water supply, why shouldn't they be?

The US started this war. And the rules of war, equivalent to laws, will only be followed by US law abiding citizens, not our enemy targets When we get another 9/11 level attack, don't be so naive this time, we started it (the same as last time).

The theoretical reasons for rules of war are:1. War is a nasty business, but soldiers should not just be wiping out people that aren't a threat to them. Most people have a pretty strong moral aversion to killing people who just happen to be in the wrong place at the wrong time (it happens, but that doesn't make it ok). In your examples, are you ok with killing off the people who are in that church praying while their country is being invaded? How about the family of civilians that was unable to escape and n

Then you don't understand war. What is limited is what doesn't really help to win battles or wars. If a church or a historical building is used as a defensive position you can atttack it, but if it isn't, it survivies. Regular ball rounds do plenty of damage. Chemical weapons mostly inconvinience trained troops. Who also breach minefields with little operational delay.

The rules help minimize the damage to property and society and between societies. You don't just have to win a war, you have to establish a stable peace. I knew a lot of veterans from the Calgary Tanks who because they defended the beach at Dieppe while the infantry was taken off became prisoners of war for 3 years. Under your "enlightened" philosophy I imagine they're no room for POW's either.

Well, better not exercize those views in a real war zone. With professional troops your side would likely throw you in jail. If captured, you're likely to be shot out of hand.

Rules of war exist when some force or forces have an overpowering superiority, as well as soft spots (whether they be population, infrastructure, resources, or heritage) they would like to be off limits.

The agreement between these Powers become the "Rules" of war.

For forces that do not have an overpowering superiority or do not have the "status quo" soft spots, these "Rules" can make little to no sense.

On the other hand, if the overwhelmingly powerful can have everyone play nicely by the rules they have cre

Someone should note that while everyone watches Stux and similar, the Chinese have been carrying out Cyberwar, and constructive espianage for many years now. Their aggressive war activity has netted, and continues to net them economic gains far far outstripping the silly games being played around the Iranian nuclear program.

And, further, unless its actually challenged, the price and cost of that makes the Iranian Nuclear issue peanuts.

Am I the only one who is struck by the irony of that statement? Remember that military funding was behind the initial research and development of the Internet we use today. It's almost as if they allowed the private sector to spend their time and energy to develop and expand it for them, so they could again use it for their own purposes..

http://www.pdfernhout.net/recognizing-irony-is-a-key-to-transcending-militarism.html [pdfernhout.net] "Likewise, even United States three-letter agencies like the NSA and the CIA, as well as their foreign counterparts, are becoming ironic institutions in many ways. Despite probably having more computing power per square foot than any other place in the world, they seem not to have thought much about the implications of all that computer power and organized information to transform the world into a place of abundance for all.

The article seems to think that the US is the first to pull the "Cyber Warfare" trigger. That is just silly. The only thing different here is that the US government was silly enough to ADMIT that they were partially responsible for Stuxnet virus, etc. The US civilian industry, and military assets have been under constant attack by various "actors" for over a decade. The only difference is those "actors" haven't admitted it or been caught red-handed. Most likely (and again they haven't been dumb enough to admit it like the US), the Chinese government has been one main Cyber Warfare protagonist that is constantly assailing US assets. So everyone get off their High Horses and face the real world.

The simple fact is we chose to fire bits at em, instead of nukes! Seems like an improvement in my mind!

It's a wild and wooly world out there, folks, and what you're seeing is the difference between an open society and closed ones. Russian, Chinese, DPRK, terrorist, and organized crime entities have been working aggressively to field all sorts of bots, viruses, and trojans designed to inflict harm or break into US systems for at least a decade.

When Israel and/or the US do it, it's almost inevitable that *someone* will find out, and at the NYT, they interpret this as "OMG look at what we're doing!"

It is my understanding that Stuxnet got in on a USB stick: nothing at all to do with the Internet !(True the actual controllers were networked to the compromised Windows PCs, but still not the "internet".)

It is my understanding that Stuxnet got in on a USB stick: nothing at all to do with the Internet !(True the actual controllers were networked to the compromised Windows PCs, but still not the "internet".)

Much like everything our government does, Facts do not matter, just the propaganda (They call it PR these days).

Your use of the phrase 'the militarization of the internet' bothers me. DARPANET was founded by the military; it was only in the 1990's that the internet became commercialized, and made friendly to civilians. Never forget that the prime purpose of the internet was to found a command and control structure, to keep communications open to Cleveland if Chicago got nuked. Stop worrying about the militarization of a military network. This is a straw man.

The decision by the United States and Israel to develop and then deploy the Stuxnet computer worm against an Iranian nuclear facility late in George W. Bush's presidency marked a significant and dangerous turning point in the gradual militarization of the Internet.

Chinese gov. has been doing this for over a decade. NOW, ppl want to point fingers at W, while disregarding what CHina (and North Korea, Iran, Venezuela, and probably Russia) is doing? Seriously?

Look,I am well known for my disdain of neo-cons and the harm that they cause. However, to point a finger to W while ignoring the facts of other nations developing spy and attack virus, is just plain out there.

The Geneva convention isn't ignored when we shoot.50 BMG round at some combatants we are not targeting them as you can't shoot.50 cal or greater rounds at personal, but instead targeting equipment on them as those rounds are only suppose to be anti material. Problem is we are just bad shots.

By themselves conventions aren't going to actually prevent anything. They're only useful in a situation after the fact where you can say 'well you agreed to this, and then didn't follow it' or for a higher tier of government to prevent a lower from misbehaving if it's so inclined (so the president commanding the CIA to stop torturing sort of thing).

I think the big difference with the internet and computers in general is that the whole private sector is going to have a vested interest in treating all hackin

That's the thing about wars and rules. The rules are only followed by one side, typically the losing side unless there is some major imbalance of power. I'm all for worldwide peace, but the winning side is unlikely to follow any rules we set.

I just wonder, is there no way to ensure that these machines are properly locked down?At home I run a WinXP VM that boots from a locked volume and a delta disk.I can always diff any system files (and in fact have a script that does this) against an MD5 hash of the install files.I can re-hash after running a windows update.more than once I've found that the machine has changed in a way that I think is undesirable and I revert it.

I would think these SCADA systems would be relatively easy to do the same thing

Your VM isn't secure, you only think it is because the machine that you're running it on says that it's secure. Are you running it off a live CD? Where did you get it from? Where did you get your md5 check program from? Where did that USB stick come from? What about your hardware, did you just get a cheap Chinese-made box from Best Buy?

Who's to say that your "real" machine isn't compromised? Sure, it's fine against the drive-by attacks of Botnet operators, but have you gone up against a military-grade